| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Introduce AuthConfig tagged union (AUTH_ANONYMOUS/AUTH_USER/AUTH_CERT)
and SecurityConfig struct to replace scattered parameters. Add
parseSecurityConfig helper to consolidate duplicated security parsing
across all three programs. Simplify opReadTime by moving all auth
handling into the client config factory functions.
|
| |
|
|
|
|
|
|
| |
Support authMode=cert alongside anonymous and user. The client
reuses its application certificate as the X509 identity token
(open62541 requires both to match). Server-side access control
advertises the certificate token policy automatically when
sessionPKI is configured.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
UA_ClientConfig_setDefault leaves securityMode at SignAndEncrypt,
so unsecure clients failed endpoint negotiation when the LDS only
offered None endpoints. Extract the unsecure client setup into
createUnsecureClientConfig() which explicitly sets securityMode and
securityPolicyUri to None.
Also enable discovery-only None endpoint on ServerRegister so
unencrypted clients can discover it, and update the unsecure_anonymous
test configs to run fully without encryption.
|
| |
|
|
|
|
|
|
| |
Add a discoveryOnly parameter to createServer(). All secure servers
still get the None security policy (needed for the client's initial
GetEndpoints handshake) and securityPolicyNoneDiscoveryOnly, but only
the LDS registers a None endpoint so purely unencrypted clients can
discover it. ServerRegister no longer advertises a None endpoint.
|
| |
|
|
|
|
|
|
|
|
| |
UA_ServerConfig_addSecurityPolicyNone only adds the security policy,
not an endpoint entry. Without a None endpoint in the GetEndpoints
response, the open62541 client's internal endpoint negotiation fails
with BadIdentityTokenRejected before the FindServers request is sent.
Adding the endpoint via UA_ServerConfig_addEndpoint makes the None
endpoint visible; securityPolicyNoneDiscoveryOnly still restricts it
to discovery services only.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make encryption optional for both ServerRegister's LDS client
connection and the server side of ServerLDS/ServerRegister: when
certificate, privateKey, and trustStore are omitted the programs
run with SecurityPolicy#None only. Secure servers also add a
discovery-only None endpoint so unencrypted clients can still call
FindServers and GetEndpoints.
Consolidate tests from 5 policy-specific cases (nosec_anon,
none_user, basic256sha256_anon, aes256_anon, aes128_user) down to
3 that cover the important axes: unsecure_anonymous,
secure_anonymous, secure_user. Rename directories to use full
names. Auto-generate certificates and trust stores in run_test.sh.
Update readme and CLAUDE.md to reflect the current program
interface (unified Client binary, split ServerRegister configs)
and the new test names.
|
| |
|
|
|
|
|
|
|
| |
- config.c: free partial strdup on configAppend failure
- common.c: consolidate loadTrustStore error paths with goto
- server_lds.c, server_register.c: make running volatile, remove
non-async-signal-safe call from signal handler
- server_register.c: extract LdsClientParams + makeLdsClientConfig
to deduplicate the register/deregister client config setup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename createSecureServer to createServer and add an unsecure path
(UA_ServerConfig_setMinimal) when certPath is NULL, eliminating the
if/else server creation blocks in server_lds.c and server_register.c.
Add parseAuthConfig() to common.c to replace four near-identical
authMode parsing blocks across the three programs.
Restructure server_register.c error handling with goto cleanup,
removing ~20 duplicated cleanup sequences.
Rename the CMake library target from DiscoveryCommon to common.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the single-purpose ClientFindServers program with a unified Client
that supports three operations via CLI: find-servers, get-endpoints, and
read-time. This simplifies the architecture by using one client binary with
a single config file instead of a monolithic program that did everything in
one run.
Split the ServerRegister config into separate server and client config files
so the LDS-registration credentials are isolated from the server's own
settings. The discovery URL moves from config to a CLI argument.
Replace repeated trustList config entries with a single trustStore directory
path. Each program now points to a directory under certs/trust/ containing
.der files, so adding or removing trust is a file-copy operation rather than
editing every config file. Add loadTrustStore()/freeTrustStore() to
common.c and remove the now-unused configGetAll() from the config parser.
Simplify the test matrix from 6 to 4 cases (security and auth are
orthogonal, so the full 3x2 matrix is unnecessary). Update run_test.sh to
invoke the new Client three times and use port-polling instead of sleep.
|
| |
|
|
|
|
|
|
|
| |
All three programs now accept an optional second argument [log-level]
(trace, debug, info, warning, error, fatal) defaulting to info. The
level is applied by setting the logger context pointer directly,
avoiding a memory leak that would occur from overwriting the
heap-allocated logger struct. Also documents the ASan leak-check
workflow in CLAUDE.md.
|
|
|
CMake-based C project using open62541 for OPC UA discovery.
Includes Local Discovery Server, register server, and find
servers client with OpenSSL encryption support.
|
